The SSL certificate checker is a valuable tool that assists cybersecurity professionals in evaluating the security of SSL/TLS certificates used by websites. Its purpose is to ensure that websites utilize properly configured and valid SSL certificates, which establish secure connections between users and websites.
This script analyzes various aspects of an SSL certificate, including its validity, issuer, encryption strength, and configuration. By examining these details, cybersecurity professionals can determine if the SSL certificate adheres to industry standards and best practices. They can identify potential weaknesses or vulnerabilities that could compromise the confidentiality, integrity, or authenticity of the website’s communication.
import ssl
import socket
def check_ssl_certificate(domain):
# Create a default SSL context
context = ssl.create_default_context()
try:
# Create a socket connection to the domain on port 443 (HTTPS)
with socket.create_connection((domain, 443)) as sock:
# Wrap the socket in an SSL context to establish an SSL/TLS connection
with context.wrap_socket(sock, server_hostname=domain) as ssock:
# Retrieve the peer certificate of the SSL connection
certificate = ssock.getpeercert()
# The line above returns the peer certificate, the line below may be uncommented in order to return the full certificate
# print(certificate)
return certificate
except ssl.SSLError as e:
print(f"SSL Error: {e}")
except socket.error as e:
print(f"Socket Error: {e}")
except Exception as e:
print(f"Error: {e}")
# Usage
# Put in target URL below
domain_name = "example.com"
certificate_info = check_ssl_certificate(domain_name)
if certificate_info:
print(f"SSL Certificate for {domain_name}:\n")
for key, value in certificate_info.items():
print(f"{key}: {value}") Initially, the ssl library was unfamiliar to me, and while I understood the practical function of an SSL certificate, the process of checking one was foreign. The provided script is divided into two sections: the check_ssl_certificate function and the output.
The first part of the function creates a “default ssl context,” which generates an object holding default configuration settings for the connection wrap we are about to establish. The secure tunnel created through this wrap is defined by the default SSL context. It is important to note that the default settings may not be perfect from a security perspective.
The subsequent section establishes a socket connection, a low-level interface, on port 443 to the specified domain. The SSL context is then used to wrap around this connection. Finally, the SSL certificate is obtained using the ssock.getpeercert() function. A set of potential errors is included to aid in diagnosing possible issues.
The second half of the code allows for the designation of the target URL. It retrieves either the shortened certificate or full certificate information, depending on the commented lines above, and proceeds to print the domain name, key, and value of the SSL certificate.
The overall objective of the SSL certificate checker is to provide cybersecurity professionals with a comprehensive understanding of the SSL certificate’s security status. By conducting thorough assessments, they can identify any anomalies, expired certificates, weak encryption algorithms, or other misconfigurations that might expose the website to potential risks. Armed with this knowledge, professionals can take appropriate actions to rectify any issues, strengthen the website’s security, and ensure the protection of sensitive user information during online interactions.
